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CONTENT CERTIFICATION 

5 

Reference to Related Applications 
This application relates to pending U.S. application Serial No. ' 
09/248,370, entitled "Content Certification", filed on February 8, 1999 and U.S. 
Provisional Application Number 60/153,901 filed September 14, 1999. These 
10 applications are incorporated by reference in their entirety herein. 

Background of the Invention 
The Internet and the World Wide Web have made information 
dissemination fast, easy, and cheap. Postings from both businesses and 

1 5 individuals have contributed to the wealth of available information. 

Unfortunately, the available information is sometimes of dubious value. For 
example, in 1998 a news agency accidentally posted a pre-written obituary of 
Bob Hope on its Web-site, Congress held a moment of silence in his honor. The 
report of Mr. Hope's demise, however, was greatly exaggerated. Other Internet 

20 postings have been less innocuous such as the accidental pre-release of economic 
data by tiie U.S. Bureau of Labor and Statistics. 

In addition to accidental postings, some information available on the 
Internet; purporting to be from ofBcial sources, includes intentionally fabricated 
data or malicious statements. As a result, users tend to be somewhat skeptical of 

25 information accessed fi^om flic Internet Additionally, some businesses, wary of 
potential liability or embarrassment, have begun to err on the side of safety and 
withhold information from Internet publication. These factors combine to reduce 
the effectiveness of the Internet as a communication medium. 



30 



wo 00/46681 



PCT/USOO/03489 



Summary of the Invention 
In general, in one aspect, a raettiod of processing content includes 
5 storing verification information corresponding to certified content at a first 
computer and 

receiving a verification request corresponding to content from a second computer. 

The method determines verification information for the content corresponding to 

the verification request and compares the determined verification information 
1 0 with the stored verification information. 

Embodiments may include one or more of the following features. The 

method may feature receivmg content certification criteria tiiat can be used to 

determine whether content should be certified. The content certification criteria 

can be a list of required approval or programmed logic. The method may also 
1 5 feature storing certification information (e.g,, a type of certification granted, 

entities approving certification, and when the content was certified). The 

verification information can include information derived from the content such as 

at least one hash key. 

The verification request can include a URL. This can enable 
20 determination of verification mformation by collecting content from tiie URL 

included in the verification request 

The verification request can include content This can enable 

determination of verification information by determining verification information 

for the content included in the vmfication request 
25 The Verification request can include verification information. This 

can enable determination of verification information by merely using information 

included in the verification request 
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Receiving a verification request may be produced by user interaction 
with a certification indicator, for example, a certification indicator included in the 
content 

S The certification indicator can include a graphic image having associated 

instructions that produce a verification request The method may further include 
transmitting certification information to the second computer. 

The cont^t may include gr^hics, text, animation, sound, and 
instructions. The content may form a web^age. 
10 Hie comparing may include issuing verification requests to connected 
certification servers. 

In general, in another aspect, a method includes presenting an 
indication that content is certified and receiving user input requesting 
certification verification of the content The method further includes transmitting 
I S a certification verification request to a certification server and receiving 
information indicating whether tiie content has actually been certified. 

Embodiments may include one or more of the follov^g features. 
Presenting an indication may include presenting a user interface control. The 
method may fiirther include displaymg information included in the information 
20 received (e.g., content authorship, revision number, expiration date, and type of 
certification). 

Transmitting a certification verification request may include 
transmitting verification information determined from the content such as one or 
more hash keys. Transmitting a certification verification request may include 
25 transmitting information included m the content 

Transmitting a certification verification may include transmitting a URL. 

In general, in another aspect, a method of controlling content 
distribution includes receiving certification catena for content to be distributed. 
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identifying content to be distributed, and determining whether the identified 
content satisfies the received certification criteria, 

anbodiments may include one or more of the following features. 
Identifying content may include receiving a request for content at a server. 
5 Identifying content may include collecting content from a set of locations. 
Determining whether the cont^t satisfies the certification criteria may include 
identifying at least one digital signature associated with the content and/or 
determining verification information (e.g., a hash key) for the content 

Advantages may include one or more of the following features. Hie 

10 techniques provide users with a simple and intuitive mefliod of verifying that 
content (e-g., a web-page) has been certified by an organization. Verification can 
be a mouse-click away when content includes a certification indicator. 
Underlying mechanisms protect flie verification process from &Isification and 
tampering. These mechatdsms enable users to trust the authenticity of displayed 

15 content 

The techniques also enable an organization to carefully define 
certification procedures that content must undergo before certification and 
distribution. Automating these certification procedures enables an organization 
to vigiiantty control the quality and reliability of information provided. 
20 Different implementation architectures permit distribution of 

certification functions across different computers and potentially speeding 
certification verification. 

Other advantages of the invention will become apparent in view of tiie 
following description, including the figures, and the claims. 

25 

Brief Description of the Drawings 
FIG. 1 is a sCTeenshot of content tiiat includes a certification indicator, 
FIG. 2 is a screcnshot of information that vwifies conteht cCTfification. 
FIG. 3 is a flowchart of a process for certifying content 
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FIG. 4 is a flow diagram of a certificatioa and certification 
verification of content 

FIG. 5 is a flowchart of a certification procedure, 

FIG. 6 is a block diagram of a certification scheme, 
5 FIGS. 7A and 7B are screenshots of user interfaces for submitting 

content for certification. 

FIG. 8 is a flow diagram of content certification. 

FIG. 9 is a flowchart of content certification. 

FIG. 10 is a diagram of information stored at a certification server. 
1 0 FIG. 1 1 is a diagram of digital signature blocks issued for certified 

content 

FIG. 12 is a blodc diagram of a certification server and certified 

content 

FIGS. 13-14 are flowcharts of processes for monitoring posted 

15 content 

FIGS, 15-16 are scre«ishots of graphical user interfeces tiiat include 

certification indicators. 

FIG. 1 7 is a diagram of a certification verification request 
FIGS. 18-22 arc flowdiarts of processes for certification verification. 
20 FIG. 23 is a flowchart of a process for creating multiple certification 

servers. 

FIG, 24 b a blodc diagram of a hierarchy of certification servers, 

FIG. 25 is a flowchart of a certification verification process using 
multiple certification servers. 
25 FIG. 26 is a block diagram of fi:anchisee certification servers. 

FIG. 27 is a flowchart of a process for transmitticg content to a 
franchisee server. 

FIG. 28 is a flowchart of a process for updating contenf offered by a 
franchisee server. 
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FIG. 29 is a screenshot of a browser's display of an Internet page. 

FIGS. 30-36 are screenshots of different persistent displays that notify 
a user whether content is certified. 

FIGS, 37, 39, 41, and 43 are diagrams of systems for validating 
S content certification. 

FIGS. 38, 40, and 44 are flow-charts of processes for validating 
content certification. 

FIG. 42 is a diagram of a manifest of web-page contents, 

FIG. 45 is a diagram of a certification server and a validation server* 

10 

I>escription of the Preferred Embodiments 

Introduction 

Referring to FIG, 1, a browser's graphical user interface 100 (e.g., 
1 5 Netscape™ Navigator^) presents content 104 provided by a resource (e.g., a file) 
at a URL (Universal Resource Locator) 102. The content 104 can mclude 
graphics, text, animation, sound, instructions (e,g., Java Applets), etc. A URL 
1 02 can refer to a location on a remote computer that stores the content 1 04 as 
data and presentation instructions. The presentation instructions and data can be 
20 in a variety of formats such as HTML (HyperTcxt Markup Language), XML 
(Extensible Markup Language), PDF (Portable Document Format), JPEG (Joint 
Photographic Experts Group), and MPEG (Moving Picture Experts Group). 
When a browser requests content 104 from a URL 102 resource, a remote 
computer providing the resource can transmit the content 104 to a browser for 
25 presentation. As shown, the browser is an independent application, however, 
o&er applications (e.g., an e-mml program, a word processor, or a spread-sheet) 
can incorporate fizncdons traditionally performed by the browser. 

As shown in FIG, 1, the browser display 100 includes a certzfication 
indicator 106. The indicator 106 provides a simple method of ensuring that the 
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content 104 presented has undergone a certification process. Content 104 may 
include one or more certification indicators 106 (e.g., "Certified by the Legal 
Department" and "Certified by the Marketing D^artment*% As shown, the 
indicator 106 is a user interface control that lias a graphic image, however, 
5 different implementations can present the control to a user as text, sounds, or by 
using other user interface tediniques. User selection of the indicator 106 (e.g., 
using a mouse or other pointing device to click on the graphic image) initiates a 
certification verification process that can confirm that the content presented is the 
same content that has undergone the certification process claimed by the 

10 certification indicator 106. 

Referring to FIG, 2, flie certification verification process can produce 
a window 108 that includes a display of information describing the content's 104 
certification such as the entities that have approved the content 1 14, when such 
approval occurred 1 16, the version number 118, etc. Odier user intcr&ce 

IS techniques can notify a user of certification. For example, a user interface can 
play voice data provided by a person who certified the data (e,g., "This web-page 
was approved by John Doe on February 8, 1999"), 

FIGS. 1 and 2 illustrate a simple and mtuitive interface that ensures 
presented content is genuine* Underlying mechanisms protect the verification 

20 process firom being falsified or mimicked. These mechanisms enable users to 
trust the authenticity of displayed content and provide web administrators with a 
tool for controlling content offered by a site. 

Referring to FIG. 3, a certification process permits an entity (e.g., 
business, organization, or individual) to establish certification criteria 140. For 

25 example, a business can list employees that must approve submitted content 142 
before it receives certification. After certification and distribution 144 of cont^t 
(e-g-f by posting the content on an Intranet, Extranet, or Internet site or e-mailing 
the content to recipients), medianisms can verify 146 that the content pr&ented 
to a user satisfies the criteria required for certification 140 and has not been 
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altered since certification. The process can then present certification information 
such as the entities that approved the content Thus, users can view unforgeable 
infonnation detailing the certification process undergone by content prior to 
distribution. 

5 Referring to FIG. 4, an illustrative implementation uses a certification 

server 124 that includes instructions 126 for certifying submitted content 122. 
The certification instructions 126 can enforce certification criteria (e.g., all 
content must be approved by the legal dq}artment). The certification server 124 
can include a database 128 for storing verification infonnation determined firom 

10 certified content The verification infonnation includes data that identifies the 
certified content such as a URL, compressed or uncompressed portions of the 
content, and/or an assigned identification number. The verification information 
may also include one or more hash keys (e.g., an MDS hash and an SHA hash). 
A hash key is produced by a one-way function and typically requires littie storage 

1 5 space (e.g., 1 60-bits). Hash keys are nearly guaranteed to be unique for any 
given content 

The database 128 can also store c^tification infonnation such as the 
type of certification (e.g., the Legal D^artment), entities certifying the 
document, when certification occiured, vAien certification expires, flic version of 

20 the certified content, etc. Certification inforaiation and verification information 
are not mutually exclusive categories. A piece of data may be both certification 
information and verification infomiation. 

As shown in FIG. 4, the ceitification server 124 also includes 
instructions 132 for processing requests 134 for cwtification verification. To 

25 verify certification, the instructions 132 can compare the verification infonnation 
130 stored during certification to verification information determined for the 
content being verified. A match indicates the content has undergone a 
certification process and has not been altered since. Tlie certification server 124 
can transmit information confirming certification of the content in question, for 
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example, by dynamically generating HTML instructions that includes 
certification information. An administrator can revoke certification by simply 
deleting or altering information in the database 128. 

5 Defining a Certification Procedure 

Referring to FIG. 5, an organization can use an interface to define 
different certifications 148 and criteria for granting the certifications 150 to 
submitted content The criteria can include a simple list of employees that must 
approve submitted content Criteria can also include programmed logic that tests 

10 for satisfaction of different conditions. The ability to program aiteria enables a 
business to define certification processes that reflect a commitment to distributing 
thoroughly reviewed contoit 

Referring to FIG. 6, one possible certification scheme 152 uses 
different certification levels. As shown, the levels include site-wide certification 

15 154, class certification 156-158, and individual certification 160-164. Each 
defmed certification can include its own granting criteria. For example, to obtain 
site-wide catification, content must first receive edification Grom the Legal 
Department 156, the Mariceting Department 158, and tiie company's CEO 164. 
Similarly, to receive Legal Department certification 156, at least two members of 

20 the legal department and a text-scanning program that looks for certain phrases 
must approve the content As shown, the certification criteria can include 
different levels of abstraction. For example, instead of requiring certification 
fix)m a particular named person, certification criteria can be more abstractly 
expressed, for example, as a role 162 (e.g*, chief attorney) within an organization. 

25 This enables certification to continue as different persons fill positions. 

The criteria for certification may include different levels of approval. 
For example. Marketing Department certification 158 may only require that each 
member of tiie marketing department receives content for review, whileXegal 
Department certification may require that each member afOrmatively indicates 
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approval of the content Additionally, certification may be sought for internal 
(e.g., on an Intranet) or external publication (e.g., on the Internet). The criteria 
for external publication can be stricter than the criteria for internal publication. 
The scheme 152 shown forms a hierarchy between the different 
S certification levels 1S4-164. The hierarchical structure is a function of the 
defined criteria and is not an inherent characteristic of schemes having different 
certifications. 

Content Certification 

10 Referring to FIGS, 7A and 7B, easy-to-use graphical user interfaces 

shield users from the tnecbanics of submitting content for certificatioiL For 
example, as shown in FIG. 7A, a user can submit content via a password 
protected web-page by dragging-and-dropping content onto one or more defined 
certification controls 156, 158. A control 156, 158 receiving the content can 

1 5 prepare and transmit a certification request indicating the content and the 
certification desired. The certification controls 156, 158 presented can vary 
depending on the person submitting content Alternatively, as shown in FIG. 7B, 
an application toolbar 171 can include a "Certify** button 173. Selecting the 
button 173 can prepare and transmit a certification request for a document The 

20 user interfeces of FIG. 7A and 7B are merely illustrative and other differentiy 
designed user interfaces could easily provide similar fimctions. Additionally, a 
system need not provide a graphical user inter&ce at all, for example, by using e- 
mai] to submit content for certification. 

Referring to FIG. 8, a certification request 1 66 includes content 168 

25 (or a reference to content) submitted for certification and other information 170 
such as the certification desired (e,g., site-wide certification or Legal Department 
certification), the content authors, and a proposed URL. The request 166 can also 
include information sudi as a revision number, content keywords, titi^etc. (not 
shown). 
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SSL (Secure Socket Layer), S-HTTP (Secure Hypertext Transfer 
Protocol), and other secure conunuaications techniques can protect submitted 
content from tampering during transmission. Additionally, a request 166 can 
include one or more digital signatures (not shown) that enable a receiving 
5 computer to authenticate the source of the message. While these features 
enhance security and protect content from tampering en route to the certification 
server, the certification process does not require these measures. 

The certification servo: 124 can process certification requests* The 
server 124 can distribute submitted content to individuals 172 that could 

10 potentially provide approval needed for certification. For example, the server 
124 can distribute content to all tiie members of the Legal Departmait when a 
request is made for Legal Department certification. Workflow software, e-mail 
daemons, and other techniques, potentially executing on computers otiier than the 
certification server, can also distribute content to individuals for certification. 

1 5 As shown in FIG. 8, after an entity 172 receives and reviews 

submitted content 168, the entity 172 can notify the certification server 124 of its 
approval by sending a certification message 174. The certification message 174 
can include the submitted content 168 and otiier information 170 mcluded in the 
certification request The message can also include inforaiation 174 that 

20 describes the person transmitting the certification message 174a, tiie type of 
certification granted 174b (eg., a person can have the capacity to certify content 
for both the marketing and the legal departments), and a level of approval 174c 
(e.g., "for internal use only" or "for publication on flie Internet"). The 
certification message 174 may also include a digital signature 176 (e.g., a 

25 Verisign'^/W3C X.509 digital certificate) belonging to the mdividual submitting 
the certification message 174 or may include information used by other 
authentication techniques sudi as biometric authentication. As shown in FIG. 8, 
the certification server 124 processes received certification messagesl74 with 
certifying instructions 126. 
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Referring to FIG. 9, in one implementation, the certifying instructions 
126 authenticate 178 a certification message to ensure the person claiming to 
have approved submitted content was, in fact, the person who produced the 
certification message 174. After authentication 178, the instructions 126 can 
5 determine 1 80 whether the certification message received satisfies the criteria for 
the certification requested. For example, the instructions 126 can determine 
whether John Doe's 172 certificatioQ message 174, alone or in combinatiott with 
previously received certification messages, is sufficient to obtain Legal 
Department certification. If the received certification message 174 does not 

10 satisfy the criteria, the instructions 126 can store the received certification and 
await further certification messages. The process may store a hash for submitted 
content awaiting fiirlfaer certification to ensure that subsequent certification is for 
tiie same content as the certification already received. Tlie process 126.c^ also 
attempt to certify any links or other objects referenced by the content (e.g., using 

15 W3Cs manifest protocol). 

If tiie received certification message satisfies certification criteria, the 
instmctions 126 can det^mine 184 verification information fit)m the certified 
content or other information provided. For example, the instructions 126 may 
compute one or more hash keys bom the certified content. In general, the 

20 verification information can include any information that can be used to identify 
the certified content. 

After storing the content's certification and verification information in 
the database 186, the instructions 126 can produce a digital signature 188 (e,g., a 
W3C DSig pigital Signature Group) compliant signature) for the content 188. 

25 Hie digital signature 208 can include the computed hash 210, the content's URL 
212, or any other verification or certification information (not shown). 

After producing the digital signature 190, the instructions 126 can 
determine 190 whether flie content can be dynamically modified 192 to"tnclude 
the digital signature. For example, HTML and XML permit dynamic insertion of 
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digital signatures into content (e.g., as header information or as a newly defined 
tag). Inclusion of the digital signature in the content ensures that the digital 
signature travels with the content instead of assuming tfie signature will remain 
paired with the content during distribution. Tlie instructions 126 can also 
5 dynamically modify the content to include one or more certification indicators 
106. The instmctions 126 can store the digital signature(s) in its database. This 
prevents database contents from being tampered with as any altered database 
information will not match die digital 5ignature(s) stored. Finally, the content 
and digital signature(s) are distributed by storage at a URL 194, 196 or by 
10 sending back the certified content to a submitting user for distribution (not 
shown). 

Referring to FIG. 10, the certification server database 130 includes 
information corresponding to certified content Iliis information can include a 
URL 199, one or more hash keys 200, certifications obtsdned 201, the certifiers 

IS 202, and a certification expiration date 203. The database 130 can also include 
the location (if any) of previous 204 or later 205 content versions. When the 
certification server 124 receives a certification verification request, the server 124 
can determine whether a user has attempted to access the most recent version of a 
document Hie server 124 can automatically transmit the more recent version of 

20 the document to the user. The database can include a wide variety of othw 
information 207 such as a portion of the content and/or a certification expiration 
date. The database 1 30 can also include the location of different translations of 
content and transmit a translation based on **PreferTed Language" data included in 
a certification verification request 

25 Referring to FIG. 1 1, after certification, multiple digital signatures 

210a, 210b of different certifications may be associated with content The 
different digital signatures 210a, 2I0b may be encrypted and identified by an 
encapsulating digital signature 208 of the certification server, ' 
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Referring to FIG. 12, after content certification, the certification 
server 124 database 128 stores the verification infonnation 130 corresponding to 
certified content 168. Refening to FIG. 13, in addition to verifying certification . 
in response to verification requests, the certification process enables an 
5 administrator to enforce minimum certification requirements for posted content. 
For example, a site might define a policy that requires any content available via 
&e World Wide Web to have certification fiom both the Legal and Marketing 
Departments. A process 300 can ensure available content meets these • 
requirements 306 by determining the certification possessed by content at each 

10 URL 304 offered by a site. Determining content certification can include 

identifying and verifying digital signatures stored at the URL. Alternatively, the 
process 300 can determine verification information of a URL and compare the 
determined verification information with verification information originally 
stored during certification. Either technique ensures that employees or others do 

15 not post content without receiving sufficient certificadon. 

Referring to FIG. 14, enforcing certification criteria can instead occur 
at a web-server processing content requests. After receiving a request for content 
303, the web-server can determine 305 if the requested contKit has the 
certification requii^ for transmission 309. If not, the web-server can notify the 

20 web-server administrator 307 that insufiScientiy certified content has been 
requested indicatmg that a link or directory has indicated the presence of the 
content on the server. This enables the administFator to quickly find content that 
should not be posted at the site. Hie webrserver can also store infonnation tiiat 
specifically disavows certification for particular content 

25 

Certification Verification 

Referring to FIG. 15, in one implementation, cwtification instructions 
dynamically modify certified content to include one or more c^tification 
indicators 106a, 106b. Referring to FIG. 16, certification indicators 106c, 106d 
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may instead be paired with a listing of certified URLs 107c, 107d, for example, 
produced by a search engine. The certification indicators 106a, 106b may be 
packaged (e.g., included in tiie same ActiveX control or Java applet) with a 
corresponding URL 107a, 107b to prevent a certification indicator 107a, 107b 
S firom accidental or intentional pairing with a different, potentially uncertified, 
URL. Selecting an indicator 106, 106a, 106b can initiate a certification 
verification process. 

Referring to FIG. 17, initiation of the certification verification process 
can include preparing and transmitting a certification verification request 221 to a 

10 certification server. The request 221 can include, for example, the certification 
claimed by a certification indicator 223 and verification information 22S 
determined from the content presented. The request may be encrypted to prevent 
analysis. The request 221 may also include a portion of the content presented 
227 for comparison to similar information stored in the cotification server. Tlus 

15 can make "door-knob rattling" more difficult That is, people wishing to find a 
valid hash key cannot simply submit request after request wifli differ^t hash 
keys imtil one works, Ttie request 221 can include other information such as tiie 
URL of the contend etc. 

Referring to FIGS. 18-22, certification verification can be 

20 implemented in any number of ways. The techniques used to verify certification 
can depend in part on fimctions provided by the browser (or other application) 
presenting the content in question. For example, older browsers may not accept 
or be able to process digital signatures. Additionally, a browser may not'include 
instructions for determining verification information (e.g., the ability to compute 

25 an MDS hash fiom presented content). 

The different certification verification teduiiques, nevertheless, share 
a general process 132. First, the procedures 132 determine verification 
information (e.g., computing a hash or extracting verification inforfnattcm fi-om a 
distal signature) for content 220 being verified. When the determined 
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verification information matdiGS 222, 224 the verification information originally 
det^mined during certification, the procedures 132 can conclude that tiie content 
satisfies certification criteria and has not been altered since certification. The 
procedures 132 may also dieck to ensure certification has not exph-ed and that a 
5 more recent version of the document has not been certified. 

Afier verifying certification^ the procedures 132 can cause display of 
verification and/or certification information such as the entities that certified a 
document, when certification occurred, etc. Similarly, the procedure 132 can 
notify a user if verification &ils. The procedures 132 can also cause other 

10 programmatic behavior to occur in addition to or in lieu of causing a display of 
information. A small subset of possible implementations follows. 

Referring to FIG, 19, if a browser has access to digital signature(s) 
produced during certification and the ability to determine verification information 
from content, the browser can extract the verification inforatiation from the digital 

15 signature(s) 230, determine the verification mformation of the content in question 
232, and compare flie two 234. A match verifies the claimed certification 236. 
This method does not require access to the certification server for certification 
verification. However, access to the certification server enables a user to 
determme if the content remains certified or has been replaced by a new version. 

20 Referring to FIG. 20, if a browser does not have access to digital 

signature(s) produced during certification but has the ability to determine 
verification information, the browser can determine the verification information 
for the content 240 (e.g, compute a hash) and send the determined verification 
information to the certification server 242, The certification server can compare 

25 244, 246 the determined verification infonnation with the verification 

information originally determined during certification- Again, if the two match, 
the contraf s certification has been verified. 

Refaring to FIG. 21, in some cases, content may not displays 
certification indicator, A user may, nevertheless, determine whether the content 
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received certification. In one implementation, the user can visit a certification 
server web-site 252 and enter a URL for verification 254. Instructions on the 
certification server can collect the content provided by the resource at the 
identified URL, determine verification information fi'om the collected content 
5 256, and compare the determined verification information widi stored verification 
information of certified content If the instructions find a match, the instructions 
can transmit verification and/or certification information to the user. 

Referring to FIG. 22, in another implementation, a user can simply 
transmit content in question to the certification server 266 for certification 

1 0 verification. The certification server determines verification Information for the 
content 268 and can compare 270 this verification information with verification 
information stored in its database. If the certification server identifies a match 
272, the certification server can transmit the verification and/or c^tification 
information to a user for display 274. 

1 5 Each of the implementations described above enables a user to 

quickly determine whether presented content actually comes fix)m an official 
source. This enables a user to place greato- reliance on the presented information 
and can make the user more likely to return to a site. Hie unplementations also 
enable a content provider to closely scrutinize and guard the content it distributes. 

20 

Multiple Certification Servers 

Referring to FIG, 23, the previous discussion described a single 
certification server. Hie techniques described can also be used with a network of 
certification servers. Certification server mstructions 322 can be transmitted to 
25 different computers requesting 320 the instructions. Such transmission can occur 
afier financial arrangements have been settled. Additionally, authentication may 
be performed by both the requesting and transmitting servers. 

Referring to FIG, 24, certification servers may form a hierarchy 324. 
For example, a root certification server 326 connects to diflferent company 
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"Headquarter" certification servers. For example, server 328 may belong to 
Honda while server 330 belongs to General Motors. Each of the headquarter 
servers may connect to different divisions within a company. For example, 
server 332 may belong to Honda Motorcycles while server 334 belongs to Honda 
5 Automobiles. Although FIG. 24 illustrates a hierarchical relationship, other 
certification server topologies are possible. 

Hierarchically organized certification servers permit distribution of 
server processing and storage over a number of computers without losing the 
ability to verify content certified by any of the servers. Additionally, the 

1 0 structure permits hierarchically higher servers to control fimctions performed by 
lower servers. For example, a server can control whether another server is itself 
able to make a request for certification software. 

For example, referring to FIG. 25, a recursive procedure 336 can 
quickly search each certification server to verify certification of content ui 

1 5 question. After receiving a verification request 33 8, a certification server can 
check its own database 340 for verification information corresponding to tiie 
verification request 338, If unable to find the verification mformation in its own 
database, the server can issue a verification request to cormected servers 344. 
Eventually, a verification request will reach the server used for certification of the 

20 content 342 or all servers will return an indication that no server has certified the 
content in question, 

Otfier procedures can go up the hierarchy rather than down. For 
example, when a division certification server 332 receives a certification 
verification request it cannot provide, tiie division server 332 can issue a 

25 certification verification request to the hcadquarter's certification server 328, 

Franchising 

A firanchisor (e.g., a corporation or syndicated) often may ^^aiit to 
provide content for display on its fi:anchisee*s Web-sites. For example^ General 
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Motors may want local dealerships to include a national sales advertisement. 
Additionally, franchisees may want to download certified content describing new 
products. 

Referring to FIG, 26, a franchisor 350 (e,g,, a coiporation or 
5 syndicate) can provide content to diflfwent franchisees 352, 354. Any given site 
may act as both a fi^chisee and frandiisor (not shown). . . 

Referring to FIG. 27, after establishing a frandiisor/franchisee 
relationship, a proxy is established at the franchisee with which the franchisor can 
communicate to manage content including refreshing and invalidating content. 

1 0 Thereafter, a franchisee can request content from the fiandiisor 356. After 
authenticating the franchisee's request 357, the franchisor can send the requested 
content, digital signatures associated with the content, and verification 
information determined for the content during certification 35S. The franchisee 
can store the downloaded infr>rmation and provide the content to site visitors 360. 

1 5 Referring to FIG. 28, a franchisor can control the content offered by 

its franchisees. For example, to de-certify or update content, the franchisor can 
download replacement content or the fianchisor can marlc the content in ^e 
proxy invalid. When a fiandiisee receives a request for mvalid content 364, the 
franchisee requests updated content from the franchisor 366. The franchisor can 

20 monitor the content cfifercd by its fianchisees by examining verification 
information corresponding to the content or the content itself. 

After downloading infomiation from a fiandiisor to a franchisee Web- 
server, visitors to the franchisee can view the downloaded content The 
franchisee proxy can automatically transmit a certification verification request 

25 each time a visitor requests content 

Requests for content can be met^ed by tiie franchisee proxy. Thus, a 
franchisor can receive reports regarding vAidi franchisee sites reached the most 
customers. Metering data can be used for analytical purposes or even asa way to 
charge for use of content (e.g., for each web-page hit) or pay for its distribution. 
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For example, metering can be used as a way for fianchisees to charge franchisors 
for distribution of content, for example-, by charging a small fee for each content 
request 

5 Alerting Users of Cont^t Validation 

FIG. 29 again shows a web-page 1 100 presented by an Internet, 
browser. A user viewing the page 1 100 oftea must trust that the content-provider 
stands behind die contents and/or that the contents have not been tampered with. 
Sometimes this trust is misplaced. For example, someone may have posted the 
10 content at the business* web-site Mdthout appropriate approval (e.g., und^going a 
certification process). Alternatively, some intermediate network node may have 
intercepted content as it traveled across the Internet and replaced selected 
portions. 

This application describes techniques that enable a content provider to 
15 certify content. This application also describes techniques for validating 
certification of downloaded content Such validation can include determining 
content is not certified, determining content was altered after certification, 
determinuig certification has expired, and/or determining certification has been 
revoked. Such validation can also include determining and authenticating the 
20 identities of entities claiming to have certified the content As shown in FIGS. 
30-36, these techniques have been embodied in a software program that can use 
graphical indicators, sound, and other notification techniques to notL^ a user 
wheth^ downloaded content is certified content 

25 Displav of Certification Status 

A number of dififerrat mechanisms can notify users of whether 
downloaded content is certified content For example, FIGS, 30 and 3 1 show a 
Microsoft® Wbdows 95 taskbar button 1104 and tray icon 1 106 that change 
appearances based an attempt to validate certification of content displayed m an 
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active browser window. For example, the controls 1 104, 1 106 may notify a user 
of the certification status (e.g., certified, uncertified, expired, revoked, etc.) of 
content using text, graphics, color, and other display attributes. The appearance 
of the controls 1 104, 1 106 may vary in different ways for difiFerent certification 
5 statuses. For example, content that was never certified may cause the tray icon to 
display a bright red skuU and cross bones to alert a user, while content haymg 
revoked certification may cause die tray icon to turn orange. The unobtrusive 
placement of the controls 1104, 1 106 provides real-time, continual, notification 
of content certification without interfering with a user's normal browser 
10 interaction. 

FIGS. 32-35 show a number of other user notification techniques. For 
example, FIG. 28 shows a window 1 108 that displays a map 1 1 10 of content 
displayed by a browser. The map 1 1 10 may include a logo (not shown) of the 
site oflfering the content The different appearances of map regions indicate the 

15 certification status of content For example, red portions may indicate uncertified 
regions of a page, while white portions may indicate certified regions. The 
window enables a user to quickly identify potentially uncertified content 

FIG. 33 shows a window 1 1 12 that displays a tree of web-page 
contents 1 1 14-1 120. Each node m the tree can correspond to a diflBsrent content 

20 (e.g., a node for a page's HTML and nodes for different GIF (Graphics 

IntOTjhange Format) pictures referred to by tfie page). Again, differwit display 
attributes of tree nodes reflect the certification status of content For example, 
shaded node 1 1 16 indicates that tiie picture for ""Digests of Patent Opinions 
Federal Circuit" has not been certified. The map of FIG, 32 and tiie tree of FIG, 

25 33 can provide a user with a visual description of content certification, without 
altering flie browser's display of the page or otherwise altering the browser's 
functions. 

Other techniques, however, use browser-provided fimctionsio provide 
an mdication of the certification status of content- For example, as shown in FIG, 
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34, a browser may be dynamically programmed to display the certification status 
of content on a page as a user brushes the content with a cursor. For browsers not 
offering this capability, this feature may be offered by continuously determiaing 
cursor placement and displaying a window near the content Alternatively, the 
5 window may only be displayed when a user selects content, for example, by 
clicking a mouse button on the content 

As shown in FIG. 35, software can also directly alter the display of 
contents after determining the certification of different portions. For example, as 
shown, the software can black-out 1114 uncertified content, and/or alter flie 

10 display of content 1 1 16 having expired certificadon. Depending on the browse, 
this may require writing a downloaded page to a temporary file, modi^ng the 
temporary file, and reloading the modified temporary file into tiie browser. 

The embodimmts described above can also provide more detailed 
information about the certification of content For example, by selecting the 

15 system taskbar button 1 104 in FIGS. 30 or 3 1, a dialog, as shown in FIG. 36, can 
display detailed infomiation about content The Retailed information can include 
the certifying entity 1 124, a graphic for the entity (e.g., a business trademark), the 
trustworthiness of the page or content 1 125, the URL (Universal Resource 
Locator) or URI (Universal Resource Indicator) of the content 1 127, the range of 

20 dates the certification is valid 1 128, and a "digital fingeq)rint" of the content 
1 129. The dialog may also display oth^ information (not shown) sudi as the site 
certificate of the web-stte providing the page and potentially a text description of 
the "Tnist Poliq^ used by the site to certify content (e,g., "Factpoint, Inc. uses a 
five person review board to catify cont«it prior to posting"). 

25 Any ofthe visual techniques descaibed above can be combined and/or 

used in conjunction with non-visual techniques such as audio messages (e,g.. 
The picture of Abe Lincoln is untrustworthy^. Additionally, while the above 
description described individual pages, the same techniques work ^uatly well 
with fi^ed browser displays that display two or more pages simultaneously. 
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Underlying the displays shown in FIGS. 30-36 are certification 
procedures that enable providers to certify posted content and validation 
procedures that enable users to validate the certification of received content 

5 The Trust Validator 

FIG. 37 shows a client 1 136 browser 1 140 dovraloadmg information 
(i.e., page 1 132) fiom a URL (Universal Resource Locator) 1 132 over a network 
1 144. Hie client 1136 can present the downloaded content on a user's monitor 
1 142, speaker, etc. As shown, the client 1 136 includes "trust validator** software 

10 1138 fliat validates certification of downloaded content The validator 1 138 may 
operate as a background process that monitors content received by the browser 
1 140, for example, via calls to or fi-om the browser API (application 
programming interface). Alternatively, validator 1138 functions may be direcdy 
integrated into the browser 1 140, 

15 The validator 1 138 can validate content certification using 

certification information associated wth the content For example, the validator 
1138 can compare certification information determined for the content 
determined prior to transmission to the client witii certification information 
det^mined after transmission. 

20 In more detail, a certification process produces certification 

information 1 134 based on the certified coatent(s). Typically, this information 
1 134 is produced using a "one-way" function. For example, a hashing function 
may use all or some portion of the ASCII characters in HTML (HyperText 
Markup Language) commands that define a page to produce a set of ou^ut bytes. 

25 Given the same input, the hashing fiinction produces the same output A popular 
hashing functions known as MD5 and SHA can produce relatively small ou^ut 
for large pages. 

The certification information 1 134 derived fipom the conteiif may be 
included in the content itself^ for example, as data, for example, as signature 
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and/or manifest elements of an XML (Extensible Maricup Language) page or as 
an HTML "Meta" element When the certification information 1134 is included 
in the content, it must be removed before re-determining the certification 
information. 

5 Alternatively, the information 1 1 34 may be included in the header of 

an HTTP (HyperText Transfer Protocol) message sent by the server 1 130. In yet 
another implementation, the trust validator 1 138 may independently request 
certification information 1 134 for the downloaded content For example, the site 
may provide a file (e.g., "fectpointtxt") at a predefined location (e.g., 
10 "www.url-com/factpointtxt") that lists where certification information 1 134 for 
site content can be found. The file may refer to otiier sites when the content has 
been copied. 

FIG, 38 shows a process 1 138 ftie trust validator can use to validate 
certification of downloaded content First, the trust validator obtains 1 150 the 

1 5 dowidoaded content (e.g., a page or portion of a page) and the certification 
information associated wifli the content The trust validator 1 138 can obtain this 
information fi*om the browser 1 140 or can establish an mdependent connection 
with tiie server 1130. The trust validator 1 138 can indq)endentiy determine 
certification mformation usmg 1 152 the one-way function on the received 

20 content By comparing 154 the received certification information and the 
independently determined certification information, the validator 1 138 can 
determine 1 154 wheflier the page 1 132 has been altered since certification and 
notify a user of such a change. The trust validator may also notify a web-site 
administrator if certification validation fails so the administrator can investigate 

25 uncertified content offered by the site, 

FIG, 39 shows a scheme tiiat can not only detect tampering, but that 
can also identify and authenticate the entity or entities certifying content Tliis 
scheme features certification information that mcludes a hash digitallysigned by 
one or more certifying entities. A digital signature 1 160, much like a handwritten 
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signature on a piece of paper, provides a degree of certainty that a particular 
entity signed tlie content in question. 

One digital signature scheme uses a private encryption key knovm 
only to the signer and a public encryption key that may be freely distributed. 
5 Information encrypted with the private key can only be unencrypted with the 
public key. Thus, an entity certifying content can ^crypt a hash of the content 
with their private key. Only the public key associpted with the entity can 
properly decrypt the hash. For example, a hash of content may be encrypted 
using a private key assigned to a web-site and decrypted using a public key 

10 mcluded in the site's.certificate. A wide variety of other digital signature 
schemes may be used such as an exchange of a single endyp^^i^ 
of physical devices such as smart cards. 

In the system of FIG. 39, infomiadon needed to validate a digital 
signature may be included with flie certification information. Tbe iiifom:iatioa 

1 5 may include an X.509 certificate for each entity signing the hash. For exan^^Ie, 
an X.509 certificate may mclude the public key needed to decrypt the hash of tiie 
page 1132, a description of tiie entity holding flie private key, and the digital 
signature of some autiiority sudi as VeriSign® testifying to the fruth of the 
information in the certificate (i*C'» that the entity claiming to have signed the hash 

20 is actually the claimed entity). In another embodiment, die information aeeded to 
validate a digital signature (or a ref^ence to this information) may be provided 
by one or more DSig pigital Signature Users Group) digital signature blocks. 

As shown in FIG. 40, after recei^ng the certification information 
(e.g., digital signature and cotificates), tiie trust validator i 138 can use tiie public 

25 key included in the certificate to extract the hash included in the digital signature. 
The trust validator 1 138 can also follow the chain of autiiority 1 162, for example, 
by asking VeriSign® if the public key received is really the public key of the 
entity claiming to have signed tfie hash. The trust validator cari incluae 
information aboxit the cham of authority in a display such as the dialog shown in 
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FIG. 36. After extracting the hash from the certification information, the trust 
validator 1138 can conclude the page was altered or was never certified to begin 
witfi and can notify a user using flie tediniques described above. 

If &e certification informatton includes a digitally signed hash, the 
5 certification information may be transmitted over an insecure connection. li^ 
however, the certification information only includes a hash, a secure connection 
such a secure sockets layer (SSL) connection may be preferred. 

As shown in FIG. 41, instead of a single digital signature or hash, 
certification information may include a manifest 1 170 for content included in a 

10 page. The manifest 1 170 itself may be hashed and digitally signed. As shown m 
FIG. 42, the manifest 1 170 can include the hash values of different page 1 130 
content For example, the manifest 1 170 shown includes a different hash value 
for each picture displayed on the page. The trust validator 1 138 can use fliis 
information to validate each portion of a page individually. The validator 1138 

15 can also use criteria to produce an overall estimation of page certificatioiL This 
CTteria may be provided by rules included in the manifest 1170 (e.g., defining 
valid content collections), logic hard-coded into the validator, and/or as logic 
provided by us«--supplied code (e,g^ a Java script). By default, the validator 
1138 can describe the page as having the lowest certification status of any content 

20 in the page. For example, if any content on the page has expired, the page as a 
whole is deemed e3q)ired. The validator 1 138 may use similar logic for flames. 
That is, the overall certification status of a display is determined by the worst 
certification status of any content in any displayed fiame. 

In some implementations, the trust validator 1 138 can alert a user to 

25 revocation, expiration, and other certification statuses of downloaded content 
FIG. 43 shows a server 1 130 tiiat includes a database table 1 182 describing 
a^^ilable content 1 132. The table 1 182 can include an expiration date for 
certification, a blanket revocation of certification, and other infonnatioh. Upon 
receiving content, the trust validator 1138 can transmit a validation request to 
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validation software 1 180 on the server 1 130. The validation software 1 132 can 
access the table 1 1 82 to verify tiie content was certified and determine whether 
the content has expired or has been revoked. The validation software 1132 can 
transmit the results back to the trust validator 1 138. 
5 Though information in the table 1 182 may be included in the 

certification information received by the client, the table 1 182 enables an 
administrator to centrally alter certification information. The server table 1 182 
can also be used to provide content "vOTioning". For example, a web-site may 
certify a more recent version of information for a URL. Validation software can 

10 look for valid versions of a URL when a client attempts to validate expired or 
revoked content 

FIG. 44 describes this validation process in greats detail. After 
receiving the content and its corresponding certification information 1200 and 
independently determining the certification 1204 for the content, the validator 

15 1 138 can preliminarily determine if the content is certified without accessing the 
server 1 130. For additional validation, the validator 1 138 can also transmit 1206 
certification information (e,g., the hadi) to the server validation software for 
look-up in the server table 1 182. The server table 1 182 can not only verify that 
the content has not expired or been revoked, flie server table 1 1 82 can also 

20 identify more recent content that replaces the content the user downloaded (e.g., 
the URL for the hash submitted has another table entry that has not been 
revoked). The trust validator can then establish a connection to download the 
valid version for display in the browser. 

FIG. 45 shows a secure architecture that distributes server certification 

25 and validation fiinctions between a certification server 1218 and a validation 
server 1232, The certification server 1218 includes certification software 1220 
that certifies submitted content 1214. The certification server 1218 also adds 
table 1 1 82 entries as content is certified. ' 
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An administratioa tool 1216 can manage infonnation stored in the 
table, for example^ to specify an expiration date, delete certification, or revoke 
certification for content 

The certification software 1220 may certify a single piece.of content 
5 or a collection of web-pages using a certification "spider." Certification may be 
performed for fixed or dynamically constructed content After certification, the 
certification server can place certified content on the validation server for 
distribution. 

The validation server 1232 includes validation software 1228 that 
10 accesses the certification server 1220 table 1 1 82 in response to client validation 
requests. The validation server 1232 may maintain a cache of validation data to 
reduce the time spent serving client requests. 

Embodiments 

1 5 The techniques described here are not limited to any particular 

hardware or software configuration; fliey may find applicability in any computing 
or processing environment For example, ftmctions described as being performed 
by a certification server can be distributed across different platforms. 

The techniques may be implemented in hardware or software, or a 

20 combination of the two. Preferably, the techniques are implemented in computer 
programs executing on programmable computers &at each include a processor, a 
storage medium readable by the processor (including volatile and non-volatile 
memory and/or storage elements), at least one input device, and one or more 
output devices. Program code is applied to data entered using the input device to 

25 perform the fiinctions described and to generate ou^ut infonnation. The output 
infonnation is applied to one or more output devices. 

Each program is preferably implemented in a high level procedural or 
object oriented progranuning language to communicate with a computer system. 



-28- 



wo 00/46681 



PCT/USOO/03489 



however, the programs can be implemented in assembly or machine language, if 
desired. In any case, the language may be a compiled or interpreted language. 

Each such computer program is preferably stored on a storage 
medium or device (e.g., CD-ROM, hard disk or magnetic diskette) that is 
5 readable by a general or special purpose programmable computer for configuring 
and operating the computer when the storage medium or device is read by the 
computer to perform the procedures described in this document Hie system may 
also be considered to be implemented as a computer-readable storage medium, 
configured with a computer program, where the storage medium so configured 
1 0 causes a computer to operate in a specific and predefined manner. 

Other embodiments are within the scope of the following claims. 
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What is claimed is: 

1. A method of processing content, comprising: 

storing verification infonmation corresponding to certified content at a 
first computei^ 

receiving a verification request corresponding to content from a 
S second computer; 

det^mining verification information for the content corresponding to 
the verification request; and 

comparing the determined verification mformation witii the stored 
verification information. 

10 

2. The method of claim 1, fiirth^ comprising, receiving content 
certification criteria. 

3. The method of claim 2, wherein certified content comprises 
1 5 content satisfying the content certification criteria, 

4. The method of claim 2, wherein content certification criteria 
comprises a list of required approval. 

20 5 . The method of claim 2, wherein content certification criteria 

comprises programmed logic. 

6. The mctiiod of claim 1, fiirther comprising storing certification 
information. 

25 

7. The method of claim 6, wherein certification information 
comprises at least one of the following: a type of certification granted, entities 
approving c^tification, and when tiie content was certified. " ^ 

30 
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8. The method of claim 1, wherein verification information comprises 
infomiation derived from the content 

9. The method of claim 8, wherein information derived from the 
5 content comprises at least one hash key. 

10. The mefliod of claim 1, wherein the verification request includes 
a URL (Uniform Resource Locator). 

10 1 L Hie method of claim 10, wherem determming verification 

infomiation comprises collecting content from the URL mcluded in the . 
verification request 

12. The method of claim 1, wherein the verification request mcludes 

15 content 

13. The method of claim 12, wherem determinmg verification 
information comprises determinmg verification infomiation for the cont^t 
included in the verification request 

20 

14. The method of claim I, wherein the verification request includes 
verification iaformation. 

15. The method of claim 14, wherein determining verification 
25 mformation comprises usmg tiie verification information mcluded in the 

verification request 
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1 6. The method of claim 1, wherein receiving a verification request 
comprises receiving a request caused by user interaction with a certification 
indicator. 



5 17. The method of claim 16, wherein the certification indicator is 

included in the content 

1 8. Hie method of claim 16, wherein the certification indicator 
comprises a graphic image having associated instructions that produce a 

10 verification request . 

19, The method of claim 1, further comprising transmitting 
certification information to the second computer. 

1 S 20. The method of claim 1, wherein the content comprises at least one 

of the following: graphics, text, animation, sound, and instructions. 

21. The method of claim 1, wherein the content comprises a web- 
page, 

20 

22. TTie metiiod of claun 1, wherein comparing comprises issuing 
verification requests to coimected certification servers. 

23. A metiiod, comprising: 

25 presenting an indication that content has received certification; 

receiving user input requesting verification that the content has 
received the certification indicated; 

transmitting a certification verification request to a certification 

server, and 
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receiving information describing whether the content has actually 
received the certification presented by the indication. 

24. The method of claim 23, wherein presenting an indication 
5 comprises presenting a user interface control 

25. The method of claim 24, wherein receiving user bput comprises 
receiving user input via the user inter&ce control. 

10 26. Tlie method of claun 23, further comprising displaying 

information included in the information received. 

27. The method of claim 23, wherein the information received 
comprises at least one of the following: content authorship, revision number, 

1 S expiration date, and type of certification. 

28. The method of claim 23, wherein transmitting a certification 
verification request comprises transmitting verification information determined 
from the content 

20 

29. The method of claim 28, wherein the verification information 
comprises a bash key. 

30- The metfiod of claim 23, wherein transmitting a certification 
25 verification request comprises transmitting information included in the content 

3 1 . The method of claim 23, wherein transmitting a certification 
verification request comprises transmitting a URL. ' 
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32. A method of controlling content distribution, comprising: 
receiving certification requirements for.content to be distributed; 
identifying content to be distributed; and 

determining whether the identified content satisfies the received 
S certification requirements. 

33. Themethodof claim 32, wherein identifying content .comprises 
receiving a request for content 

10 34. The method of claim 32, wiierein identifying content comprises 

collecting content from a set of locations. 

35. The method of claim 32, wherein the determining comprises 
identifying at least one digital signature associated with the content 

15 

36, The method ofclaim 32, wherein the determining comprises 
determining verification information for the content 

37, A method of processing content received ftom a networked 

20 computer in response to a browser request for content, the method comprising: 

receiving certification information associated with content received by 
the browser; 

determining a certification status for content based on the received 
certification information; and 
25 displaying at least one indication of the determined certification status 

of the content ' 

38. The method ofclaim 37, v^erein the indication comprises a 
persistant indication displayed with the content. 
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39. The method of claim 37, wherein the indication comprises a 
taskbar button. 

5 40. The method of claim 37, wherein the indication comprises a tray 

icon. 

41 . The method of claim 37, wherein displaying at least one 
indication comprises processing the content to include one or 

10 more indications. 

42. Ite method of claim 41, wherein processing the content 
comprises altering visual representation of the content 
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